Remove protocol restriction for SRV records in cloudflare_dns module. Fixes #36708 #36709
@@ -44,7 +44,7 @@ | |||
proto: | |||
description: Service protocol. Required for C(type=SRV) | |||
required: false | |||
choices: [ 'tcp', 'udp' ] | |||
choices: [ 'tcp', 'udp', 'tls' ] |
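Review bot: The choices list on proto is still a closed enumeration after 'tls' is appended, so any other protocol label is rejected at argument validation and the list will need another edit for each new protocol. Either drop choices and validate the value as a single DNS label, or keep the list and update the description line above it, which still reads "Service protocol. Required for C(type=SRV)" and does not tell the user which values are accepted.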
Could you please mention it like this in the description:
option 'tls' is added in version 2.6
58fafc5
to
33d2306
Compare
Ok, up until now I had simply assumed that tcp and udp were the only two allowed values for the SRV record protocol field. Yet, taking a closer look at RFC 2782 those two protocols are simply listed as "at present the most useful values for this field". Likewise CloudFlare appear to accept all kinds of values in the protocol position, not simply tcp, udp, and tls. @DennisGlindhart Is there any specific and/or common use case for naming the tls protocol in SRV records? That is, does it make the most sense to explicitly add tls as an allowed parameter value, or does it make more sense to fully remove the present restrictions?
@andreaso According to RFC 2782 all kinds of values are allowed, yes. Although, using the Cloudflare Admin-UI in the browser, it seems that only tcp, udp and tls are possible to create in CF. It might be worth investigating whether or not CF allows for other types when using the API instead. If CF really does support arbitrary values, I think it would make sense to remove the restriction completely. I'll try to investigate further and adjust PR accordingly.
Using the API (or more specifically, by using a locally modified cloudflare_dns module) I managed to create a SRV record with the made-up zebra protocol. On the other hand, there is a benefit in keeping a restrictive parameter list, as it makes it easier to use the module properly. Especially since, to my knowledge, it is very unusual for people to need SRV records for arbitrary protocols. Hence back to my original question, what's the use case for the tls protocol in this context?
@andreaso Yep - I was also able to create some "random" protocol via the API. So TL;DR: Cloudflare API allows us to follow the RFC and use an arbitrary protocol. Although tcp, udp and tls are probably enough for 99% of users, there are valid scenarios for other protocols as well. (Maybe we will soon see more protocols used (i.e. SCTP or DCCP) when NAT is more or less going away with IPv6 currently preventing use of other protocols than TCP and UDP) I don't think removing the restriction makes the module that much harder to use, and following the standard is more important when we have the possibility. We can write the "normal" values (tcp & udp) in the description. I think people using this module will mostly be copying the values from some reference (like the link above) - or alternatively - know what they are doing. I'm thinking of just removing the restrictions then - Agree?
Thanks for helping me sort out what is what here! At this point I can see the merit with both approaches, and I'll be willing to approve whichever one you choose to move forward with in this pull request.
33d2306
to
941bee4
Compare
I have now removed the restriction altogether so we follow the RFC. I've also "rebased" / removed my previous commits (adding tls) so this is one clean commit and changed the title of the PR to be more correct. I think this should be ready for merge now. Thanks for all your help! cc @andreaso
@@ -42,9 +42,8 @@ | |||
required: false | |||
default: "1" | |||
proto: | |||
description: Service protocol. Required for C(type=SRV) | |||
description: Service protocol. Required for C(type=SRV). Common values are tcp and udp. (Before Ansible 2.6 only tcp and udp were available) |
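Review bot: The new description for proto names the common values but does not say what else is accepted or how case is treated, and its parenthetical "(Before Ansible 2.6 only tcp and udp were available)" implies other values now pass. State that any single protocol label is accepted, say whether the value is lower-cased before it is sent or compared, and end the parenthetical with a period.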
Missing . at end.
@@ -42,9 +42,8 @@ | |||
required: false | |||
default: "1" | |||
proto: | |||
description: Service protocol. Required for C(type=SRV) | |||
description: Service protocol. Required for C(type=SRV). Common values are tcp and udp. (Before Ansible 2.6 only tcp and udp were available) |
Also, add this note in CHANGELOG.md telling the end user about this.
941bee4
to
ea0d2fd
Compare
shipit
@Akasurde: Happy as well?
@Akasurde I adjusted according to your review/change requests and pushed a new commit replacing the existing one with the intention to keep history simple, but the automated bot/checks do not seem to have picked up the change (maybe because it wasn't a new commit on top of the existing one).
Assuming udp and UdP work the same. Otherwise use tolower
As a general rule DNS names are compared without considering case. When it comes to SRV records RFC 2782 explicitly states that "The Proto is case insensitive."
Thanks for confirming
rebuild_merge
@DennisGlindhart @andreaso @gundalow Thanks for contribution.
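One way to handle a free-form proto value once the choices restriction is gone, added here as an example and not taken from the cloudflare_dns module: the function names are hypothetical, and the label rule assumes the RFC 1035 letter/digit/hyphen syntax with the RFC 2782 underscore prefix counted against the 63-octet label limit. It normalises case so that udp and UdP compare equal, and rejects values that would add extra labels to the record name.

```python
import re

# Assumption: a Service/Proto token must fit in one DNS label together with
# its leading "_" (RFC 2782), so the token itself is at most 62 characters of
# letters, digits and hyphens, not starting or ending with a hyphen.
_TOKEN_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,60}[a-z0-9])?")


def normalize_token(value, field):
    """Lower-case and validate a Service or Proto token (no leading underscore)."""
    if not isinstance(value, str):
        raise ValueError("%s must be a string" % field)
    token = value.lower()  # RFC 2782: "The Proto is case insensitive."
    # fullmatch rejects dots, whitespace and underscores, so the value can
    # never contribute more than one label to the owner name.
    if not _TOKEN_RE.fullmatch(token):
        raise ValueError("invalid %s: %r" % (field, value))
    return token


def srv_owner_name(service, proto, zone):
    """Build the RFC 2782 owner name _Service._Proto.Name."""
    return "_%s._%s.%s" % (
        normalize_token(service, "service"),
        normalize_token(proto, "proto"),
        zone.rstrip(".").lower(),
    )


def same_proto(desired, existing):
    """Case-insensitive comparison, so a re-run with 'UdP' reports no change."""
    return normalize_token(desired, "proto") == normalize_token(existing, "proto")


if __name__ == "__main__":
    # Constructed sample values, including the made-up protocol from the thread.
    for proto in ("tcp", "UdP", "tls", "zebra", "tcp.example", ""):
        try:
            print(proto, "->", srv_owner_name("sip", proto, "example.com"))
        except ValueError as exc:
            print(proto, "-> rejected:", exc)
```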
SUMMARY
Remove protocol restriction for SRV records in cloudflare_dns module. Fixes #36708
ISSUE TYPE
COMPONENT NAME
cloudflare_dns
ANSIBLE VERSION